Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: dshinder@windowsnetworking.com

SDN: The Next Big Thing in Networking?

If you keep up with the latest trends in IT, you’ve probably already heard about Software Defined Networking, or SDN. If you’ve been working 26 hours a day (well, sometimes it feels like it), just trying to keep your servers all running and your users happy in an age of tight budgets and overworked, understaffed IT departments, you might not be familiar with the term. But it’s a good bet that you’ll be hearing about it soon.

The concept of SDN seems to be a little unclear, even to those who are writing about it or marketing it. You can come away from some of the articles and ads more confused than you were before. They talk about the SDN “movement” and you’ll see lots of references to OpenFlow, but not necessarily any clear explanations of what it is and how it works. No wonder a recent survey of businesses found that only 17% of respondents said they understand the details of SDN, with 35% claiming to understand the basics and 48% saying they have only a “general idea” of what it’s about.

A good place to start learning about SDN is the web site of the Open Networking Foundation (ONF), which exists to help develop standards for the SDN architecture. The ONF has only been around since 2011, but it includes such members as Microsoft, Verizon, Google and Facebook. There are over 70 organizations that currently belong. Their goals for bringing SDN to the networking world revolve around OpenFlow, an open source protocol designed to enable SDN.

But exactly what is SDN all about, anyway? The key characteristic of Software Defined Networking is the separation of the virtual network from the physical network, through a layer of software that hides the physical topology from the applications. This makes it far easier to reconfigure and manage networks and decreases the need for sophisticated (and expensive) networking hardware (the routers and switches). OpenFlow is the most common way (but not the only way) for the control plane to communicate with the data plane.

The idea is that you should be able to program a network as if it were a computer. That makes for customization of the network to fit an organization’s particular needs, and routers will no longer have to expend so much of their resources on topology discovery. Just as virtualization of servers saves companies money by reducing the number of physical machines, virtualization of networks should result in reduced costs for datacenters, as well. SDN also works in conjunction with the cloud, making for faster and more efficient communications with cloud-based resources.

SDN will make it easier for companies to use hardware made by different vendors, instead of being locked in to a particular supplier. That’s a good thing, but it can also introduce new levels of complexity and result in a network environment that’s more difficult to secure properly. In fact, security is one of the big concerns that have been raised in regard to SDN. It’s not that the SDN architecture is inherently less secure, but rather that it will present new targets of attack, most obviously the SDN controller. The ability to centralize control is a good thing, but protection of the controller will require new security measures that you might not be used to implementing. The splitting up of the control plane and data plane creates the need for a new way of looking at security.

SDN has the potential to be more secure, with better automation of security measures through the ability to apply security policies programmatically at all levels. This can eliminate some of the security risks that occur through human error. As with so many technology scenarios, it’s all about the implementation.

SDN is already being deployed by some large companies, such as Google, but it’s also a technology that’s still in its infancy. You’d be smart to keep an eye on how it evolves over the next few years, as it’s very likely that sooner or later, SDN will be coming to a network near you.

=======================
Quote of the Month - Distrust and caution are the parents of security. – Benjamin Franklin
=======================

2. ISA Server 2006 Migration Guide - Order Today!

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his illustrious team of ISA Firewall experts now present to you the ISA Server 2006 Migration Guide. This book leverages the more than two years of experience Tom and his team of ISA Firewall experts have had with ISA 2006, from beta to RTM and all the versions and builds in between. They've logged literally 1000's of flight hours with ISA 2006 and they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with their no holds barred coverage of Microsoft's state of the art stateful packet and application layer inspection firewall.

3. WindowsNetworking.com Articles of Interest

4. Administrator KB Tip of the Month

Virtual Smart Cards

Two factor authentication is fast becoming a de facto requirement for all security-conscious organizations because of the demonstrated weaknesses in the traditional user name and password approach. But which two-factor authentication method should you use? Microsoft has been a big fan of smart cards, but the use of smart cards isn’t as widespread as you might think. Why is that?

There are problems with smart cards; the provisioning process and the fact that you might forget your smart card are among the biggest concerns. Windows Server 2012 helps solve the problem of a missing smart card by providing the option of using a “virtual smart card”. The virtual smart card is stored in the computer’s TPM and is always available to the user. It’s a pretty nice solution. Check out Understanding and Evaluating Virtual Smart Cards for more information on how to get started with this great new Windows Server 2012 technology.

5. Windows Networking Tip of the Month

If you've started working with Windows Server 2012, you probably have noticed that it uses a tile-based interface similar to what you see in Windows 8. In fact, we discussed that not long ago in a feature article of this newsletter. The good news is that you don't get dumped into this “modern UI” when the machine boots, as you do with the Windows 8 client. In fact, you almost never have to go into The Interface Formerly Known As Metro after you get the operating system set up. But before you get it set up, you need to do some housekeeping in order to make the interface a little more user-friendly. One thing you should definitely do is make sure that both the PowerShell icon and the command prompt icon are pinned to the taskbar.

Another thing you can do to make the Windows Server 2012 desktop feel more like home is to install the Desktop Experience feature. You install that feature the same way you install other features in Windows Server 2012, from the Server Manager. After you do that, you can put the Computer, Network, Recycle Bin and other icons on the desktop. In addition, you can customize the taskbar so that you have small icons.

I heard that Windows Server 2012 supports NIC Teaming right out of the box. That's great! But what about virtual machines running inside of Hyper-V? Can they take advantage of NIC Teaming too?

Thanks! – Roy.

ANSWER:

Hi Roy,

I have good news for you. Yes, you can use NIC Teaming with virtual machines in Windows Server 2012 Hyper-V. What you need to do is create a virtual switch that is connected to each NIC in the team. In other words, if you have two NICs in a team, then you will create two virtual switches – one switch that's connected to NIC A and one switch that's connected to NIC B. If NIC A becomes unavailable, then all the traffic will move through NIC B, and vice-versa. Also note that you can use NIC Teaming even if you're using SR-IOV, which bypasses the virtual switch. In fact, you can have a NIC Team in which one of the NICs is using SR-IOV and one of the NICs is not. Failover will still work, as will bandwidth aggregation. For more information on Windows Server 2012 NIC Teaming, please see http://technet.microsoft.com/en-us/library/hh831648.aspx
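
The setup described in the answer, sketched in PowerShell as an added example (not part of the original newsletter). The adapter names, switch names, VM name and guest interface names are placeholders, and the per-adapter AllowTeaming setting and the Switch Independent team created inside the guest are assumptions about how the guest side is completed, which the answer does not spell out.

```powershell
# --- On the Hyper-V host (Windows Server 2012) ---
# Placeholder names: replace with the physical adapters and VM in your environment.
$physicalNics = 'NIC A', 'NIC B'
$vmName       = 'VM01'

foreach ($nic in $physicalNics) {
    # Stop early if the physical adapter does not exist.
    $adapter    = Get-NetAdapter -Name $nic -ErrorAction Stop
    $switchName = "vSwitch-$($adapter.Name)"

    # One external virtual switch per physical NIC, as the answer describes.
    # -AllowManagementOS $false keeps the host off this NIC, so do not use
    # the adapter that carries your host management traffic.
    if (-not (Get-VMSwitch -Name $switchName -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $switchName -NetAdapterName $adapter.Name `
                     -AllowManagementOS $false | Out-Null
    }

    # Give the VM one virtual NIC on each switch and permit it to join
    # a team inside the guest operating system.
    $vnicName = "Team-$($adapter.Name)"
    Add-VMNetworkAdapter -VMName $vmName -SwitchName $switchName -Name $vnicName
    Set-VMNetworkAdapter -VMName $vmName -Name $vnicName -AllowTeaming On
}

# --- Inside the guest VM (Windows Server 2012) ---
# Placeholder interface names: check Get-NetAdapter in the guest first.
$guestNics = 'Ethernet', 'Ethernet 2'

# Team the two virtual NICs in Switch Independent mode.
New-NetLbfoTeam -Name 'GuestTeam' -TeamMembers $guestNics `
                -TeamingMode SwitchIndependent `
                -LoadBalancingAlgorithm TransportPorts -Confirm:$false

# Confirm both members are active before testing failover.
Get-NetLbfoTeamMember -Team 'GuestTeam'
```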